By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

In the case of Office 365, customers own their own data and Microsoft complies with a number of international standards to reassure customers that it doesn't look at that data.

"Though they certainly can," said Carl Brooks, analyst with Tier1 Research, a technology analyst company based in New York.

By comparison, Google search-mines its customer data for the betterment of its product and for other purposes as laid out in Google's privacy policy. But Google Apps for Business customers who pay for their services can restrict Google's search-mining tactics.

"It is something negotiated individually with Google -- and of course doesn't remove the actual fact that Google is in full control of user data," Brooks said.

Microsoft, comparatively, has worked for some time to assure customers of the cloud data privacy protection and security standards that Office 365 can meet, while maintaining a generally multi-tenant cloud service, said Wes Miller, an analyst with Directions on Microsoft, an independent analyst firm based in Kirkland, Wash.

Microsoft Office 365 customers retain all rights, title and interest in the data they store. At any time, customers can remove their data or download a copy without any assistance from Microsoft. If a customer closes their account, Microsoft provides additional limited access for 90 days to export your data.

In addition, Microsoft also undergoes third-party audits each year to prove that it complies with policies and procedures for security, privacy, continuity and data handling, the company said in an email.

Learn more about Microsoft cloud privacy

Office 365 also conforms to EU Model Clauses that address international transfer of data. For companies that need to comply with the Health Insurance Portability and Accountability Act (HIPAA), Microsoft will sign requirements for the HIPAA business associate agreement. The company also offers a standard data processing agreement (DPA) to all customers, which addresses privacy, security and handling of customer data. DPA allows customers to comply with their local regulations.

"I have not examined their liability in the event of violating the terms of these contracts, but it is a good first step for organizations that must remain compliant to the standards themselves," Miller said.

"In some ways, while people may wag their finger at the cloud in concern about compliance and security, it's a double-edged sword," he said. "If you host Exchange, Lync and SharePoint in your own data center -- or even more likely, in a data center where you're subletting rack space -- are you more or less cautious with your data and practical about your security than Microsoft or Google, for that matter, would be?"

Additional details on Office 365 privacy can be found in the Data Portability section of the Trust Center.

10 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Security is obviously a concern as is the inexorable rise in network traffic caused by the unnecessary use of cloud storage, tho' may be more of a general cloud issue than (MS Office 365).

Use of cloud storage in the drop box model is one thing but the trend towards storing everything in the cloud is a terrific waste of electrical energy resources, teh internet si already using a sizeable proportion of the eelctrical energy produced by the planet and this is set to size over the coming decades (IET review) to become the dominant use of electricity (or would do if energy resources were not finite ;-)

Even tho' MS may sign any number of agreements to implement and abide by standards etc. they are a large organisation with many thousand of employees (not all of whom will share MS altruistic motives and a few of which may see a way to a fast buck, by accident or design) and MS are a very high profile target for the unscrupulous making data theft by hackers that much more likely.

If we don't save documents in the cloud... and save locally, does MS have access to my documents - Not sure.Does MS have access to my Outlook data ? Is data stored on MS servers (am using POP3 ONLY) ? - not clear